-
漏洞作者

-
漏洞信息

漏洞作者:
This vulnerability was first discovered by fish stiqz <fish@analog.org> and Michel "MaXX" Kaempf <maxx@mastersecurity.fr>, and was announced by Michel "MaXX" Kaempf <maxx@mastersecurity.fr> on January 14, 2001 via Bugtraq.

-
受影响的程序版本

-
漏洞讨论

splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window, originally written by Sam Lantinga. It is freely available, open source, and included with many variants of the Linux Operating System.

A problem in the program could allow for a format string attack. The problem occurs in the handling of format strings by the -rcfile command line flag. By placing shellcode in the $HOME environment variable, and generating a custom crafted request to the splitvt program it is possible to overwrite variables on the stack, and arbitrarily execute code contained in the $HOME environment variable. This makes it possible for a user with malicious motives to execute arbitrary code, and in implementations with the splitvt binary installed SUID root, gain administrative privileges. There are also various reported buffer overflows in the code. These have been addressed in the new release.

-
漏洞利用

This exploit was provided by Michel Kaempf &lt;maxx@mastersecurity.fr&gt; on January 14, 2001: